| From d4ff19de527cd3eb444c560639324cda35bc838e Mon Sep 17 00:00:00 2001 |
| From: mancha <mancha1@zoho.com> |
| Date: Sun, 1 Jun 2014 |
| Subject: CVE-2014-3467 |
| |
| This is a backport adaptation for use with GnuTLS 2.12.23. |
| |
| Relevant upstream commit(s): |
| ------------------------- |
| http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=ff3b5c68cc32e3 |
| http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=51612fca32dda4 |
| |
| --- |
| lib/minitasn1/decoding.c | 6 +++--- |
| 1 file changed, 3 insertions(+), 3 deletions(-) |
| |
| --- a/lib/minitasn1/decoding.c |
| +++ b/lib/minitasn1/decoding.c |
| @@ -149,7 +149,7 @@ asn1_get_tag_der (const unsigned char *d |
| /* Long form */ |
| punt = 1; |
| ris = 0; |
| - while (punt <= der_len && der[punt] & 128) |
| + while (punt < der_len && der[punt] & 128) |
| { |
| last = ris; |
| |
| @@ -259,7 +259,7 @@ _asn1_get_time_der (const unsigned char |
| if (der_len <= 0 || str == NULL) |
| return ASN1_DER_ERROR; |
| str_len = asn1_get_length_der (der, der_len, &len_len); |
| - if (str_len < 0 || str_size < str_len) |
| + if (str_len <= 0 || str_size < str_len) |
| return ASN1_DER_ERROR; |
| memcpy (str, der + len_len, str_len); |
| str[str_len] = 0; |
| @@ -285,7 +285,7 @@ _asn1_get_objectid_der (const unsigned c |
| return ASN1_GENERIC_ERROR; |
| len = asn1_get_length_der (der, der_len, &len_len); |
| |
| - if (len < 0 || len > der_len || len_len > der_len) |
| + if (len <= 0 || len > der_len || len_len > der_len) |
| return ASN1_DER_ERROR; |
| |
| val1 = der[len_len] / 40; |